My friends and co-workers know that I build firewalls. At least once a month someone says “My company needs a firewall with X and Y, and the price quotes I’ve gotten are tens of thousands of dollars. Can you help us out?”

Anyone who builds firewalls knows this question could be more realistically phrased as “Could you please come over one evening and slap together some equipment for me, then let me randomly interrupt you for the next three to five years to have you install new features, debug problems, set up features I didn’t know enough to request, attend meetings to resolve problems that can’t possibly be firewall issues but someone thinks might be the firewall, and identify solutions for my innumerable unknown requirements? Oh, and be sure to test every possible use case before deploying anything.”

Refusing these requests makes me seem churlish. Accepting these requests ruins my cheerful demeanor. For a long time, I wouldn’t build firewalls except for my employer. pfSense lets me be a nicer person without having to actually work at it. With pfSense I can deploy a firewall in just a few hours — and most of that is running cables and explaining the difference between “inside” and “outside.” pfSense’s extensive documentation and user community offers me an easy answer to questions — “did you look that up?” If pfSense doesn’t support a feature, chances are I couldn’t support it either. But pfSense supports everything I could ask for, and with a friendly interface to boot. The wide userbase means that features are tested in many different environments and generally “just work,” even when interacting with the CEO’s kids’ Windows ME PC connected to the Internet by Ethernet over ATM over carrier pigeon. Best of all, pfSense is built on much of the same software I’d use myself. I trust the underlying FreeBSD operating system to be secure, stable, and efficient.

Security updates? Just click a button and reboot. You need new features? Just turn them on. pfSense handles clustering, traffic shaping, load balancing, integration with your existing equipment through RADIUS, IPsec, PPTP, monitoring, dynamic DNS, and more. Big-name industry suppliers charge outrageous fees to support what pfSense freely provides. If your employer insists on paying for support contracts, or if you just feel more secure knowing you can pick up the phone and scream for help, you can get pfSense support agreements very reasonably. If you don’t need a support contract, I happen to know that Chris, Jim, or anyone else with a pfSense commit bit will let grateful pfSense users buy them a beer or six.

Personally, I don’t build firewalls from scratch any more. When I need a firewall, I use pfSense.

Such an exciting time – PFSense nearing 1.2.3 release, Nanobsd, a new book and a recommendation from Michael Lucas! Chris, Scott & team – thank you so much, please keep up the great work – you guys rock!

Also waiting on a book from Amazon. They initially said it was due to arrive on the 5th of January (I am down under in Australia) but now it is due to arrive before Christmas. I am so excited that I might wrap it and put it under the tree!

I just received my copy and have started reading. Although I support PFSense virtually every day, I have already learned several additional things about this amazing firewall distribution. The book is well written with clear instructions, some great technical information, and excellent diagrams. Congratulations on a job well done!